9.8

CVE-2026-26342

Exploit
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to authenticate to the management interface until the token is revoked, enabling unauthorized access to device functions and data.
Data provided by the National Vulnerability Database (NVD)
Tattile Axle Counter Firmware Version <= 1.181.5
   Tattile Axle Counter Version -
Tattile Vega53 Firmware Version <= 1.181.5
   Tattile Vega53 Version -
Tattile Vega33 Firmware Version <= 1.181.5
   Tattile Vega33 Version -
Tattile Vega11 Firmware Version <= 1.181.5
   Tattile Vega11 Version -
Tattile Basic Mk2 Firmware Version <= 1.181.5
   Tattile Basic Mk2 Version -
Tattile Anpr Mobile Firmware Version <= 1.181.5
   Tattile Anpr Mobile Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.31% | 0.539
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."